Open links force-opened in Microsoft Edge in your default browser

Microsoft really wants Windows 10 users to love their new Microsoft Edge web browser. Users don’t even need to choose it as their default browser, because seemingly normal web links all over Windows 10 and the Cortana digital assistant all force-open in Microsoft Edge rather than in your system-defined default web browser of choice. Comtraya!

EdgeDeflector is my tiny new helper program that says “that isn’t cool!” to Windows, and lets you use your default web browser anyway.

I don’t hate Microsoft Edge — maybe you do! — but I do believe users who have bothered to configure a different default web browser should be allowed to keep using that default web browser. Edge is a portal for Microsoft to push its own features and services, and to collect personal data about people’s browsing habits. It’s understandable that Microsoft wants to push their own web browser, but this is not the way to do it.

How does it work and what does it do?

There is no complicated logic or magic to how EdgeDeflector works. Cortana and some of the core apps for Windows 10 use a special URI protocol to mask normal URIs and have them open in Microsoft Edge. Instead of the regular https://example.com/ link, Microsoft apps and services use their own microsoft-edge:https://example.com/ link schema. As no other browser recognizes this protocol and the protocol isn’t configured by the default web browser setting, Microsoft Edge is left as the only program that can open the link even when there are other browsers installed on the system.

EdgeDeflector registers itself as a program capable of opening these special microsoft-edge URIs. When you click on one of these links after installing EdgeDeflector, Windows will ask you how you want to open the link. If you choose EdgeDeflector, it will rewrite the link to become a regular web link and pass it back to Windows. Windows will then open the link with your default web browser — whether that is Firefox, Chrome, Vivaldi, something else, or indeed Microsoft Edge.

Standards and URIs

You can’t change the default web browser away from Safari on iOS. To get around this, Google Chrome and pretty much every other web browser started adding their own browser vendor URI prefixes that worked the same way as the microsoft-edge URI on Windows 10. This allowed other app vendors and other apps by the browser vendor to open links in their browser of choice. It’s a neat little workaround for something that wouldn’t ever have been an issue if Apple had allowed a greater level of customization on iOS.

The special vendor URIs on iOS and now Windows 10 are all about vendor lock-in. As a user, your choices for what software you want to run are limited by corporate interests that conflict with your own ability to choose your own preferred web browser. This is unhealthy for the mobile web as a whole, and it’s an unhealthy and undesirable development on desktop operating systems.

I don’t believe the other browser vendors should register and attempt to hijack this vendor-specific browser schema by default. Although it’s technically possible, as evidenced by the existence of EdgeDeflector, this would only instigate an undesirable war with Windows where ultimately even more lockdown is the most probable end result.

If you agree with me and want Windows to stop forcing the use of Microsoft Edge and rather have it respect your choice of default browser, please let Microsoft know in the Windows Feedback Hub (requires Windows 10).

Microsoft Edge has two and a half custom URI protocols in addition to the standard http and https. These are the mostly undesirable microsoft-edge and the as of yet unused microsoft-edge-holographic, plus the read schema. It’s unclear what microsoft-edge-holographic is supposed to do; as of now it creates an infinite loop of opening tabs in Windows preview builds.

The read protocol for Edge’s reading view, e.g. read:https://www.ctrl.blog/entry/edgedeflector-default-browser, is more interesting but I’ve already covered it in a separate article. I personally believe that the read URI is quite a good innovation and would love to see other web browsers implement this URI schema. Firefox, Safari, and Vivaldi all have their own reading views with their own URIs – and they’re all terrible in comparison with Edge’s neat little read: links.

Wait — doesn’t this program of yours already exist?

Only after completing the programming on EdgeDeflector as a weekend project did I discover that there already was a program that tries to do the exact same trick as EdgeDeflector. (I was using Bing for search that week, go figure.) SearchWithMyBrowser seems to be quite popular based on the number of articles written about it. However, after quickly reading through the code I discovered serious problems such as arbitrary code execution vulnerabilities (e.g. microsoft-edge:calc.exe would open the Calculator app rather than a browser) and unwittingly executing invalid commands on the system level for some of the microsoft-edge URIs that are found in Windows.

I’d already thought of and addressed these problems to the best of my ability in EdgeDeflector. I’ve contacted the author of SearchWithMyBrowser to let him know about the problems. Another of these programs has received quite a lot of media attention in the tech press in the past, so there should be quite a few vulnerable systems out there. Ouch.
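The rewrite step described earlier, together with the validation that keeps an input like microsoft-edge:calc.exe from ever being launched, sketched in Python as an added example; it is not code from EdgeDeflector or SearchWithMyBrowser. The deflect function name and the url= query variant are assumptions that do not come from this page.

```python
from urllib.parse import parse_qs, urlsplit

PREFIX = "microsoft-edge:"
ALLOWED_SCHEMES = {"http", "https"}


def deflect(uri):
    """Return the plain web URL wrapped in a microsoft-edge: URI, or None.

    None means "do not launch anything": the wrapped value is not an
    absolute http(s) URL, so it must never reach the OS launcher.
    """
    if not uri.lower().startswith(PREFIX):
        return None
    target = uri[len(PREFIX):]

    # Assumed variant (not shown on the page): the link is carried
    # percent-encoded in a url= query parameter next to other parameters.
    if target.startswith("?"):
        values = parse_qs(target[1:]).get("url", [])
        if len(values) != 1:
            return None
        target = values[0]

    # Whitespace and control characters have no place in a URL and are how
    # extra arguments get smuggled into a command line: refuse outright.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return None

    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed bracketed host
        return None

    # Allow-list the scheme and require a host. "calc.exe" has no scheme,
    # "file:///..." has the wrong one, "https://" has no host.
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return None
    return target


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("microsoft-edge:https://example.com/",
                   "microsoft-edge:calc.exe",
                   "microsoft-edge:file:///C:/Windows/System32/calc.exe"):
        print(sample, "->", deflect(sample))
```

Whatever launches the returned value should pass it as a single argument to the default-browser handler and never build a shell command line from it.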

Update 2017 February: SearchWithMyBrowser has since been updated to version 1.0.0 which patches most attack vectors for the vulnerability mentioned above. This version also introduces usability improvements like a binary distribution package.

Note on responsible disclosure of security vulnerabilities: I had problems getting in touch with the developer privately, and ended up posting about the vulnerability on the public bug tracker for lack of a private communication channel. As SearchWithMyBrowser has neither auto-update nor any way to notify users of new versions, the vulnerability will probably remain unpatched for the majority of users for the lifetime of their Windows installation whether an updated version of the software has been made available or not.